CVE-2005-2660

apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug...

mybbXSS.txt

XSS VULN IN ALL MYBB VERSIONS INCLUDING PR2 Vendor: given SEVEN days notice, no patch released! Just to say, I am apalled with the fact that I contacted MyBB on the 30 August, and was originally not planning to go public. However, because they have failed to release a patch I have decided to aler...

CVE-2005-2379

Multiple cross-site scripting XSS vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 debug parameter to showenv, 2 test parameter to parsequery, or 3 delimiter or 4 CELLWRAPPER parameter to rwservlet...

TYPO3 Security Bulletin

A debug script exposes system information provided by phpinfo. By default, the script can be executed by a remote user. Component Type: Core Affected Component: Debug Script Version: 3.8.0 and earlier Vulnerability Type: Information Disclosure Severity: Low Problem Description: A debug script...

nbsmtp -- format string vulnerability

When nbsmtp is executed in debug mode, server messages will be printed to stdout and logged via syslog. Syslog is used insecurely and user-supplied format characters are directly fed to the syslog function, which results in a format string vulnerability. Under some circumstances, an SMTP server m...

CVE-2004-2268

PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php...

CVE-2002-2032

sqllayer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sqldebug parameter to 1 index.php and 2 modules.php...

FreeBSD : perl -- vulnerabilities in PERLIO_DEBUG handling (a5eb760a-753c-11d9-a36f-000a95bc6fae)

Kevin Finisterre discovered bugs in perl's I/O debug support : - The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 - A buffer overflow may occ...

druppy461.pl.txt

!/usr/bin/perl Mon Jul 4 18:19:35 CEST 2005 [email protected] DRUPAL-SA-2005-002 php injection in comments yes, its lame Hax0r code here, read before execute Run without arguments to show the help. BLINK! BLINK! BLINK! BLINK! Feel free to port to another stupid script language mIRC, python, TCL ...

CVE-2005-2027

The affected product is Enterasys Vertical Horizon VH-2402S. Vulnerable component: firmware handling of debugging commands. Root cause: firmware prior to 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account. Impact: attackers could obtain sensitive information or ...

[Full-disclosure] Undocumented account vulnerability in Enterasys Vertical Horizon switches

Problem Description An undocumented account with a default password exists, additionally guest users can DoS the switch. 2. Tested systems The following versions were tested and found vulnerable: Vertical Horizon VH-2402S with firmware 02.05.00 Vertical Horizon VH-2402S with firmware 02.05.09.07...

CVE-2005-1830

The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 allows remote attackers to cause a denial of service application crash via an invalid Debug Message pointer...

CVE-2005-1830

The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 allows remote attackers to cause a denial of service application crash via an invalid Debug Message pointer...

[Full-disclosure] Compuware Softice (DbgMsg driver) Local Denial Of Service

Compuware Softice DbgMsg driver Local Denial Of Service by Piotr Bania [email protected] http://pb.specialised.info Original location: http://pb.specialised.info/all/adv/sice-adv.txt Severity: Low / Medium - BSOD Blue Screen Of Death DOS Software affected: Tested on Softice from DriverStudio...

Compuware SoftIce debugger debug message driver DoS

BSOD on invalid debug message pointer...

Invision Power Board 2.0.3 - 'login.php' SQL Injection

!/usr/bin/perl -w This one actually works : Just paste the outputted cookie into your request header using livehttpheaders or something and you will probably be logged in as that user. No need to decrypt it! Exploit coded by "Tony Little Lately" and "Petey Beege" use LWP::UserAgent; $ua = new...

security flaw

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LDDEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...

CVE-2005-1148

calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid 1 year or 2 month parameters, which leaks the full pathname and debug information...

CVE-2005-0866

cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files...

CVE-2005-0866

cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files...